General

Target: DRVHDD.EXE.exe
Size: 621KB
Sample: 221013-pt2k7seaap
MD5: ca7c02df3ed08ea9cab8da59f1e5bd8d
SHA1: 97eb40ea42e9c3b531a70bc298fece3885f59e3f
SHA256: 4ad0cac19bc9ebbdfc08c8440d4d5a7da007ddc252b15fc0c536476917bb6532
SHA512: dd65d2213a8229d8ff475194235f5662278e235eda7aedd141d524ce94d6206ed14ed5ff78b251ea2abab5f04d8751f0301c5a011cf868bed1aa812b4c28e8e5
SSDEEP: 12288:zPdlIazoZLq2wHCRzwR/NlljwYWRyDnGVZu0+O:jd+aEZeLHkUR/NjMYzDGLu0n
Static task: static1
Behavioral task: behavioral1 (sample DRVHDD.EXE.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample DRVHDD.EXE.exe, resource win10v2004-20220812-en)
Malware Config

Extracted
Family: darkcomet
Botnet: New-July-July4-0
C2: 45.74.4.244:35800
Mutex: DC_MUTEX-RT27KF0
Attributes:
- gencode: cKUHbX2GsGhs
- install: false
- offline_keylogger: true
- password: hhhhhh
- persistence: false

Reading the flags: install and persistence are both false, so this build runs from wherever it was launched and does not install itself or set up a persistence mechanism on its own; offline_keylogger true means keystrokes are logged to disk even while the C2 at 45.74.4.244:35800 is unreachable. The C2 endpoint and the DC_MUTEX-RT27KF0 mutex are the two artifacts worth hunting for on other hosts.
Targets

Target: DRVHDD.EXE.exe (621KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Drops file in Drivers directory
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Suspicious use of SetThreadContext
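Added example, not part of the sandbox report or of any tool it mentions: a small Python hunt that takes the C2 endpoint from the extracted config, the drivers-directory file drop from the signatures, and the sample's SHA256, and runs them over constructed Sysmon-style event lines. The JSON field names and every log record below are an assumption and were not captured from the sample. The mutex name and the SetThreadContext behaviour are left out on purpose: this kind of telemetry does not record them, so the mutex is better checked from a live handle listing.

```python
import json
import re

# Indicators taken from the report above (extracted config, signatures, hashes).
C2_HOST, C2_PORT = "45.74.4.244", 35800
SAMPLE_SHA256 = "4ad0cac19bc9ebbdfc08c8440d4d5a7da007ddc252b15fc0c536476917bb6532"
# Writes anywhere under System32\drivers, matched case-insensitively.
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.IGNORECASE)

# Constructed telemetry (assumption: Sysmon-like events serialised as one JSON
# object per line). None of these records were captured from the sample.
SAMPLE_LOG = r"""
{"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\DRVHDD.EXE.exe", "DestinationIp": "45.74.4.244", "DestinationPort": 35800}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
{"EventID": 11, "Image": "C:\\Users\\victim\\Downloads\\DRVHDD.EXE.exe", "TargetFilename": "C:\\Windows\\System32\\drivers\\etc\\hosts"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetFilename": "C:\\Windows\\Temp\\update.log"}
{"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\DRVHDD.EXE.exe", "Hashes": "SHA256=4AD0CAC19BC9EBBDFC08C8440D4D5A7DA007DDC252B15FC0C536476917BB6532"}
""".strip()


def parse_events(text):
    """Yield one dict per non-empty JSON line; lines that do not parse are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def match_event(ev):
    """Return the name of the indicator an event matches, or None."""
    eid = ev.get("EventID")
    # Event 3: network connection to the extracted C2 host and port.
    if eid == 3 and ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
        return "c2_connection"
    # Event 11: file created under the Drivers directory (signature "Drops file in Drivers directory").
    if eid == 11 and DRIVERS_DIR.match(ev.get("TargetFilename", "")):
        return "drivers_dir_write"
    # Event 1: process creation whose image hash is the analysed sample.
    if eid == 1 and SAMPLE_SHA256 in ev.get("Hashes", "").lower():
        return "known_sample_hash"
    return None


def hunt(text):
    """Return [(indicator, image)] for every event that matches a report IOC."""
    hits = []
    for ev in parse_events(text):
        name = match_event(ev)
        if name:
            hits.append((name, ev.get("Image", "")))
    return hits


if __name__ == "__main__":
    for indicator, image in hunt(SAMPLE_LOG):
        print(f"{indicator:20} {image}")
```

The C2 match deliberately requires both host and port: 45.74.4.244 on another port is not this config, and on a shared or re-used address the port is what keeps the rule from firing on unrelated traffic. The drivers-directory rule is the noisiest of the three (legitimate installers write there), so treat it as a pivot, not a verdict.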